A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00053.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Netapp Subscribe
A700s Subscribe
A700s Firmware Subscribe
Aff A400 Subscribe
Aff A400 Firmware Subscribe
Brocade Fabric Operating System Firmware Subscribe
Fas8300 Subscribe
Fas8300 Firmware Subscribe
Fas8700 Subscribe
Fas8700 Firmware Subscribe
H300e Subscribe
H300e Firmware Subscribe
H300s Subscribe
H300s Firmware Subscribe
H410c Subscribe
H410c Firmware Subscribe
H410s Subscribe
H410s Firmware Subscribe
H500e Subscribe
H500e Firmware Subscribe
H500s Subscribe
H500s Firmware Subscribe
H610c Subscribe
H610c Firmware Subscribe
H610s Subscribe
H610s Firmware Subscribe
H615c Subscribe
H615c Firmware Subscribe
H700e Subscribe
H700e Firmware Subscribe
H700s Subscribe
H700s Firmware Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Rhel Eus Subscribe

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.12:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.12:rc4:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:o:netapp:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-305.rt7.72.el8 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2021:1739 2021-05-18T00:00:00Z
kernel-0:4.18.0-305.el8 cpe:/o:redhat:enterprise_linux:8 RHSA-2021:1578 2021-05-18T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
kernel-rt-0:4.18.0-193.60.2.rt13.112.el8_2 cpe:/a:redhat:rhel_eus:8.2::nfv RHSA-2021:2719 2021-07-20T00:00:00Z
kernel-0:4.18.0-193.60.2.el8_2 cpe:/o:redhat:rhel_eus:8.2 RHSA-2021:2718 2021-07-20T00:00:00Z

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2020-23177 A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.
Ubuntu USN Ubuntu USN USN-4751-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-4752-1 Linux kernel (OEM) vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1902724 cve-icon cve-icon
https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-35508 cve-icon
https://security.netapp.com/advisory/ntap-20210513-0006/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2020-35508 cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-04T17:02:08.050Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2020-35508

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-26T17:15:12.203

Modified: 2024-11-21T05:27:27.440

Link: CVE-2020-35508

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-12-09T10:00:00Z

Links: CVE-2020-35508 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses